WO2001099021A1 - System and method for application of network access policy to ecommerce transactions - Google Patents


Info

Publication number
WO2001099021A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
network
interface
authentication database
attribute data
Prior art date
Application number
PCT/US2001/020147
Other languages
French (fr)
Other versions
WO2001099021A9 (en)
Inventor
Albert Reiche
Original Assignee
Gopin Inc
Priority date
Filing date
Publication date
Application filed by Gopin Inc
Priority to AU2001278853A
Publication of WO2001099021A1
Publication of WO2001099021A9


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • G06Q20/04 Payment circuits
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/305 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wired telephone networks

Abstract

A secure and anonymous transaction network where a client (102) and vendor (104a) conduct electronic transactions using a telephony based payment engine (108).

Description

SYSTEM AND METHOD FOR APPLICATION OF NETWORK ACCESS POLICY TO
ECOMMERCE TRANSACTIONS
Field of the Invention
The invention relates to the field of electronic
commerce, and more particularly to secure network transactions
using telephony-based access management.
Background of the Invention
The increasing demand for Internet transactions has
prompted an increasing need for advanced electronic payment
arrangements. While the prospects of frictionless commerce
and reduced cost on the supply side have made many consumers
interested in purchasing more goods and services over the
Internet, many people are concerned about the security and
integrity of payment mechanisms on the Web. Third party
credit-card accounts, for instance, are widely available and
often used but are not considered totally secure, since the
consumer must allow credit card account number or other
sensitive information to be transmitted over a number of hops
and ultimately be deposited on a merchant's or other Web
server. A variety of credit-based and cash-based payment
architectures have been attempted or proposed, but none offer
the universality, reliability and security of, for example,
the billing infrastructure of the public telecommunications
network for telephone usage. More robust yet secure network
transaction technology is desirable.
Summary of the Invention
The invention overcoming these and other problems in the
art relates to a system and method for the application of
network access policy to ecommerce transactions, in which
existing telecommunications resources may be deployed to
support generalized network transactions. More particularly,
according to the invention telephone network switching and
administrative infrastructure such as the Nortel Networks
Digital Multiplexing System (DMS™) and associated access
policy management protocols along with other services supplied
by that platform may be taken advantage of for the distinct
purposes of electronic commerce fulfillment.
The transaction engine of the invention may do so, for
instance, by issuing personal ticket, digital certificate or
other authentication receipts after validation against calling card, credit card, or other payment or authentication
databases via line information database or other resources.
Brief Description of the Drawings
The invention will be described with respect to the
accompanying drawings, in which like elements are referenced
with like numerals.
Figure 1 illustrates an overall architecture for
transaction processing according to the invention.
Figure 2 illustrates a transaction event processed
according to the invention.
Figure 3 illustrates a flowchart of network transaction
processing according to the invention.
Figure 4 illustrates an overall architecture for
transaction processing according to the invention in another
regard.
Detailed Description of Preferred Embodiments
As illustrated in Figure 1, in the existing public
telecommunications network, advanced platforms such as the
Nortel Networks DMS™ series of switches represent a widely
available, highly robust infrastructure whose conventional use
is to record electronic events of a specific type, namely
telephone calls and other telecommunication services. The DMS
platform may typically be deployed to manage and allocate network access to persons holding valid calling card,
residential, business or other telecommunications accounts.
The system and method of the invention in one regard relate to
the adaptation of the transaction capabilities of this and
other existing telecommunication plant for the separate
purpose of electronic commerce, such as Internet and other
network purchases.
As illustrated in Figure 1, in the overall arrangement a
customer or consumer operating an Internet or other client 102
communicates via communications link 114 to one or more of a
group of vendors 104a, 104b, ... 104n (n arbitrary). The client
102 may be or include, for instance, a personal computer
running the Microsoft Windows™ 95, 98, Millennium™, NT™, or
2000, Windows™ CE™, PalmOS™, Unix, Linux, Solaris™, OS/2™,
BeOS™, MacOS™ or other operating system or platform. The
client 102 may also be or include a network-enabled appliance
such as a WebTV™ unit, radio-enabled Palm™ Pilot or similar
unit, a set-top box, a networkable game-playing console such
as Sony Playstation™ or Sega Dreamcast™, a browser-equipped
cellular telephone, or other TCP/IP client or other device.
The communications link 114 to which the client 102
connects may be, include or interface to any one or more of,
for instance, the Internet, an intranet, a PAN (Personal Area
Network), a LAN (Local Area Network), a WAN (Wide Area Network) or a MAN (Metropolitan Area Network), a frame relay
connection, an Advanced Intelligent Network (AIN) connection,
a synchronous optical network (SONET) connection, a digital
T1, T3 or E1 line, Digital Data Service (DDS) connection, DSL
(Digital Subscriber Line) connection, an Ethernet connection,
an ISDN (Integrated Services Digital Network) line, a dial-up
port such as a V.90, V.34 or V.34bis analog modem connection,
a cable modem, an ATM (Asynchronous Transfer Mode) connection,
or FDDI (Fiber Distributed Data Interface) or CDDI (Copper
Distributed Data Interface) connections. The communications
link 114 may furthermore be, include or interface to any one
or more of a WAP (Wireless Application Protocol) link, a GPRS
(General Packet Radio Service) link, a GSM (Global System for
Mobile Communication) link, a CDMA (Code Division Multiple
Access) or TDMA (Time Division Multiple Access) link such as a
cellular phone channel, a GPS (Global Positioning System)
link, CDPD (cellular digital packet data), a RIM (Research in
Motion, Limited) duplex paging type device, a Bluetooth radio
link, or an IEEE 802.11-based radio frequency link.
Communications link 114 may yet further be, include or
interface to any one or more of an RS-232 serial connection,
an IEEE-1394 (Firewire) connection, an IrDA (infrared) port, a
SCSI (Small Computer Serial Interface) connection, a USB
(Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection. Other illustrated
communications links may include the same types of resources.
In one embodiment, the telephony engine 108 supporting
transaction processing according to the invention may
preferably be or include a DMS™ 100, DMS™ 200, DMS™ 300, DMS™
500 or other series telephony switching and management
platform manufactured by Nortel Networks Limited, Ontario,
Canada and such as are frequently installed and used for
public telephony support. Information concerning the hardware
and software of these machines may be found in, for example,
the Nortel Networks Website located at
http://www.nortelnetworks.com/products, and subpages entitled
DMS Supernode Data Manager (SDM); DMS-1 Urban; DMS-10; DMS-10
STP; DMS-100; DMS-100 Wireless; DMS-250; DMS-300; DMS-300/250;
DMS-500; DMS-GSP; DMS-MTX; DMS-PSN/Programmable Switch; DMS-SSP;
DMS-STP; DMS-STP/SSP Integrated Node, and all associated
pages and links including Tech Specs thereunder, incorporated
by reference.
However, according to the invention the existing hardware
infrastructure such as the Nortel Networks Limited switching
equipment mentioned may be directed towards the separate
support of generalized ecommerce transactions, rather than for
traditional telephony purposes. The resulting transaction mechanism is secure, authenticated and may be fully or partly
anonymous as desired.
In the practice of the invention, the customer or
consumer operating the client 102 may access a Web page or
other network commerce portal of one or more of vendors 104a,
104b ... 104n, such as by accessing a secure Web server URL
(Universal Resource Locator) on a browser application on
client 102.
A software module running on the Web server or other
resource of vendors 104a, 104b, ... 104n may intercept the
inquiry, to determine if the consumer has possession of a
personal ticket, digital certificate, digital signature,
cookie or other verifying data object. If the consumer operating
client 102 is in possession of a personal ticket 138 when
initiating a transaction at the Web site, the Web site or
other network resource of vendors 104a, 104b, ... 104n may
accept a copy of the personal ticket 138 over communication
link 114.
Alternatively, individual key attributes supplied by the
consumer may be communicated by the Web site of vendors 104a,
104b, ... 104n to a transaction server 106 for validation. The
transaction server 106 may be or include, for instance, a
workstation running the Microsoft Windows™ NT™, Windows™ 2000,
Unix, Linux, Xenix, IBM AIX, Hewlett-Packard UX, Novell Netware™, Sun Microsystems Solaris™, OS/2™, BeOS™, Mach,
Apache, OpenStep™ or other operating system or platform. The
personal ticket 138 may be received by the transaction server
106 directly from the consumer operating client 102, or
relayed via the vendor 104a, 104b, ... 104n. Once received by
the transaction server 106, the personal ticket 138 may be
communicated through telephony engine 108 for validation or
authentication against authentication database 110 and other
transaction processing.
Authentication database 110 may be, include or interface
to, for instance, a Line Information Database (LIDB) resource
operating according to the SS7 network protocol on the public
telecommunications network, as understood by persons skilled
in the art. The authentication database 110 may likewise be,
include or interface to resources such as the ATT Corp.
Billing Validation Application (BVA) or the U.S. West Business
Validation Service (BVS), or others.
The authentication database 110 may further be, include
or interface to, for example, the Oracle™ relational database
sold commercially by Oracle Corp. Other databases, such as
Informix™, DB2 (Database 2) or other data storage or query
formats or platforms such as OLAP (On Line Analytical
Processing), SQL (Standard Query Language), Microsoft Access™ or others may also be used, incorporated or accessed in the
invention.
The authentication database 110 may record consumer
account, personal ticket, digital certificate, digital
signature, digital envelope and other information, such as
calling card account, retail merchant account, credit card
account, debit card account or other financial or other
information. Upon authentication of the consumer's
transaction request against the authentication database 110,
an acceptance signal may be passed via communications link 120
to telephony engine 108 and transaction server 106.
The validation against the authentication database 110
may be based on partial or anonymous information provided by
the customer or consumer operating the client 102. That is, a
consumer may simply provide an isolated identification number
or string which does not act as a key field into other
information relating to the consumer, at least for the vendor
or others.
Once authentication is established against the separate
resource of authentication database 110, the transaction
server 106 may hash or encrypt a digital signature or one or
more key attributes or data fields associated with the personal ticket 138 for transmission to the Web site or other
resource of vendors, 104a, 104b, ... 104n. The vendor may receive this information, including the
personal ticket 138 in whole or part, and which may be in
encrypted form, for transaction execution, such as by the
commercially known NAAD [spell out acronym] protocol. If all
necessary information is present and valid, the vendors, 104a,
104b, ... 104n may embed further identification, transaction or
other information for the transaction into a further object
such as a digital signature, digital certificate, or digital
envelope for recording by the transaction server 106. The
digital envelope or other recordation of the transaction may
then be communicated to the telephony engine 108, which may in
turn pass a transaction summary to the billing services 112 of
the telephony infrastructure.
Alternatively, payment may be made directly against
accounts registered within authentication database 110, for
reconciliation according to credit card, calling card, or
other arrangements. If billed through billing services 112,
an account summary indicating a transaction activity may be
included within a regular monthly or other telecommunications
statement issued by a telecommunications provider to their
customer, by mail or otherwise.
Because the authentication of the transaction may proceed
on selected attribute information provided by the consumer at
client 102, the information pertaining to the transaction may be kept private, except to the service provider operating the
transaction server 106 and related apparatus acting as a
trusted third party and intermediary for the consumer and the
vendor.
Because the personal ticket 138 may be recorded and
transmitted in whole or part by the transaction server 106 on
a secure basis, a consumer may choose to permit account and
other information to persist for a given duration of time,
such as one month or one year, and therefore permit the
consumer to initiate new transactions without the need for
reentering and revalidating all account information.
The personal ticket 138 or other data objects or
information exchanged during transactions according to the
invention may be encrypted using the X.500, X.509, SSL (Secure
Socket Layer), SET (Secure Electronic Transaction) or other
encryption or security techniques, to add safety or anonymity
to the implementation of the invention.
A transaction event according to the invention is
illustrated in Figure 2. As shown in that figure, a consumer
operating with client 102 may communicate attribute data 140
to the transaction server 106 to establish a potential or
pending transaction with one or more vendors 104a, 104b,
... 104n, after having established a secure account with the
transaction server 106 including authentication information recorded on authentication database 110. The transaction
server 106 may then transmit a confirmation 148 to the vendors
104a, 104b, ... 104n confirming a desired status to the vendor,
such as being an existing account holder.
The given transaction vendor 104a, 104b, ... 104n may then
present a query 150 to the consumer, to which the consumer may
reply with a response 152. The consumer at client 102 may
then engage in a secure dialog 154 with the transaction server
106, for instance via the telephony engine 108 or otherwise to
validate information against the authentication database 110.
After this communication, the transaction server 106 may issue
or validate a personal ticket 138 as belonging to the consumer
to vendors 104a, 104b, ... 104n, thus establishing the validity
or identity of the consumer for purposes of the transaction
being performed.
After confirmation of purchase amounts, tax, shipping or
other transaction details, the transaction server 106 may
exchange transaction results 156 on a secure basis with the
vendors 104a, 104b, ... 104n, including to provide billing or
receipt information to the vendors, and/or to the consumer.
Access-controlled processing according to the invention
will be described with reference to Figure 3. In step 302,
processing begins. In step 304, the consumer may transmit
attribute data to the vendor 104a, 104b, ... 104n, for example "Registered owner of software X" without communicating full
identification or account information. In step 306, the
vendors 104a, 104b, ... 104n may interrogate the consumer at
client 102 for further information surrounding or connected to
the pending transaction. In step 308, the consumer may engage
in a secure dialog with the transaction server 106 using, for
instance, the registration number for the registered user of
software X as recorded in authentication database 110.
The service provider or operator of the transaction
server 106 may thus be securely aware of the identity of the
consumer, however the vendors 104a, 104b, ... 104n may not be
similarly aware. In step 310, the transaction server 106 may
prepare, decode, transmit or access a personal ticket 138
storing or presenting account and other information of the
consumer to the participating one or more of vendors 104a,
104b, ... 104n or to client 102, for instance validating a credit
card account for purchase of an upgrade of software X.
In step 312, the transaction server 106 may communicate
with the vendor or vendors 104a, 104b, ... 104n to apply the
upgrade price or other transaction amount against the credit
card or other accounts, and in step 314 the transaction server
may reconcile the transaction. In step 316, an encrypted
receipt or other confirmation may be generated. In step 318,
processing ends.
An overall architecture according to the invention
in another regard is illustrated in Figure 4, in which the
interconnection of the transaction server 106, a telephony
engine 108 such as the Nortel Networks DMS™ platform for
metering, billing or other associated services, the vendor
transaction site or sites such as Web pages or other portals,
the client and other aspects are shown.
In general, according to the overall architecture in
which the invention in one embodiment may operate, consumers
may initiate and execute transactions over a dial-up,
broadband or other Internet or other network connections,
which transactions may be monitored and mediated via
transaction server 106, telephony engine 108 along with
attendant database, communications and other resources. The
messaging traffic between the consumer and the vendor, and
between the vendor and the authentication resources, again may
be of a partial, anonymous and/or secure nature.
This is at least in part because the invention does not
demand the transmission of complete identity or account
information, whether in the clear, encrypted or otherwise, at
any one stage of the transaction process. Rather, a subset of
selected attributes, fields or keywords may be queried between
the consumer and the commercial vendor for the separate
transmission to the party, company or other organization operating the transaction server 106, telephony engine 108 or
authentication database 110, and only the party providing the
authentication function necessarily records more complete
information in order to carry out that task. As shown in that
figure and described above, billing against the consumer's
account, telephone bill or otherwise may be triggered by a
validated authentication sequence whose details may never be
communicated to the vendor. The vendor may consequently
receive payment directly or indirectly from banks or other
financial intermediaries separately after that process, with
whom the consumer separately reconciles. Transaction privacy
and flexibility for consumers are therefore enhanced.
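The Figure 3 flow and the selective-attribute disclosure described above, sketched as an added example that is not part of the patent text. The HMAC-signed ticket format, the function names, the vendor identifier and the sample record are all assumptions made for illustration; the description does not define a ticket format.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample record standing in for authentication database 110.
# Only the transaction server reads it; the vendor never does.
AUTH_DB = {
    "REG-7F3A-0042": {                      # constructed registration number
        "name": "Pat Example",              # constructed identity
        "billing_account": "CALLING-CARD-PLACEHOLDER",
        "attributes": {"registered_owner": "software X"},
    },
}
SERVER_KEY = secrets.token_bytes(32)   # held by the transaction server only
OPEN_TICKETS = {}                      # ticket id -> registration number (server side)
LEDGER = []                            # billing entries, kept by the server


def b64e(raw):
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_ticket(registration_number, wanted_attrs, vendor_id, ttl=300, now=None):
    """Steps 308-310: validate the consumer, then issue a ticket carrying only
    the requested attributes, bound to one vendor and an expiry time."""
    now = time.time() if now is None else now
    record = AUTH_DB.get(registration_number)
    if record is None:
        return None
    attrs = record["attributes"]
    if any(name not in attrs for name in wanted_attrs):
        return None
    ticket_id = secrets.token_hex(8)
    OPEN_TICKETS[ticket_id] = registration_number
    body = {"id": ticket_id, "vendor": vendor_id, "exp": now + ttl,
            "attrs": {name: attrs[name] for name in wanted_attrs}}
    payload = json.dumps(body, sort_keys=True).encode()
    return b64e(payload) + "." + b64e(sign(payload))


def visible_to_vendor(ticket):
    """The ticket is signed, not encrypted: this is all a vendor can read."""
    return json.loads(base64.urlsafe_b64decode(ticket.split(".")[0]))


def validate_ticket(ticket, vendor_id, now=None):
    """The vendor relays the ticket; the server checks integrity, audience,
    expiry and that the ticket has not already been settled."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = ticket.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                       # malformed ticket or bad base64
        return None
    if not hmac.compare_digest(tag, sign(payload)):
        return None
    body = json.loads(payload)
    if body["vendor"] != vendor_id or now > body["exp"]:
        return None
    if body["id"] not in OPEN_TICKETS:       # settled already: reject replay
        return None
    return body


def settle(ticket, vendor_id, amount_cents, now=None):
    """Steps 312-316: bill the account on the server side and return a receipt
    that names the ticket and amount but not the consumer."""
    body = validate_ticket(ticket, vendor_id, now)
    if body is None:
        return None
    registration_number = OPEN_TICKETS.pop(body["id"])   # single use
    account = AUTH_DB[registration_number]["billing_account"]
    LEDGER.append({"account": account, "amount_cents": amount_cents})
    return {"ticket": body["id"], "vendor": vendor_id, "amount_cents": amount_cents}
```

The vendor-side view contains the ticket id, the vendor binding, the expiry and the one disclosed attribute; the mapping from ticket id to account exists only in the server's tables, which is the trust concentration the description assigns to the operator of the transaction server.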
The foregoing description of the system and method of the
invention is illustrative, and variations in configuration and
implementation will occur to persons skilled in the art. For
instance, while the invention has been described in terms of
the reuse of telephony equipment provided by Nortel Networks Limited, telephone switching and other equipment provided by
other manufacturers may be similarly redirected.
Furthermore, certain resources such as computing, data,
communications or other resources illustrated as singular or
standalone may be distributed, and one or more separate
resources may be combined. Likewise, companies, organizations
or other parties operating or supervising different segments of the processing chain could be one and the same, so for
example authentication entities could also own or operate the
transaction engine or engines, or other resources.
Moreover, while the invention has generally been
described with respect to purchase transactions involving the
debiting of the consumer's account, in another embodiment
steps of the transaction processing may be executed in reverse
manner to recharge, refund or otherwise credit the consumer's
account. The scope of the invention is accordingly intended
to be limited only by the following claims.

Claims

What is claimed is:
1. A system for the management of electronic
transactions, comprising:
a first interface to an authentication database via a
public telecommunications resource; and
a second interface, communicating with the first
interface, the second interface operative to communicate with
at least one network-enabled transaction site to execute a
transaction via the transaction site when validated against
the authentication database.
2. The system of claim 1, wherein the public
telecommunications resource comprises a connection via a
switching apparatus embedded in the public telecommunications
network.
3. The system of claim 2, further comprising an access
policy manager running on the switching apparatus.
4. The system of claim 3, wherein the authentication
database comprises at least one of an LIDB source, an OLAP
source, and another relational database source communicating
with the switching apparatus.
5. The system of claim 1, wherein the network-enabled
transaction site comprises an Internet connection.
6. The system of claim 5, wherein the validation
against the authentication database is performed using
attribute data.
7. The system of claim 6, wherein the attribute data is
a subset of information contained in the authentication
database.
8. The system of claim 7, wherein the attribute data
enables anonymous execution of the transaction.
9. The system of claim 1, further comprising a
transaction server, communicating with the first interface and
the second interface, the transaction server communicating
with the public telecommunications resource to manage the
execution of the transaction.
10. The system of claim 9, wherein the transaction
server issues at least one of a personal ticket, a digital
certificate, a digital signature, and a digital envelope in
connection with the transaction.
11. A method for the management of electronic
transactions, comprising:
a) communicating with at least one network-enabled
transaction site to execute a transaction via the
transaction site; and
b) validating the transaction against an authentication
database via a public telecommunications resource.
12. The method of claim 11, wherein the
telecommunications resource comprises a switching apparatus
embedded in the public telecommunications network.
13. The method of claim 12, further comprising a step of
(c) running an access policy manager running on the switching
apparatus.
14. The method of claim 13, wherein the step (b) of
validating comprises a step of validating the transaction
against at least one of a LIDB source, an OLAP source, and
another relational database source.
15. The method of claim 11, wherein the network-enabled
transaction site comprises an Internet connection.
16. The method of claim 15, wherein the step (b) of
validating is performed using attribute data.
17. The method of claim 16, wherein the attribute data
is a subset of information contained in the authentication
database.
18. The method of claim 17, wherein the attribute data
permits anonymous execution of the transaction.
19. The method of claim 11, further comprising a step of
(d) managing the execution of the transaction on a transaction
server.
20. The method of claim 19, further comprising a step of
(e) issuing at least one of a personal ticket, a digital certificate, a digital signature, and a digital envelope in
connection with the transaction via the transaction server.
PCT/US2001/020147 2000-06-22 2001-06-22 System and method for application of network access policy to ecommerce transactions WO2001099021A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001278853A AU2001278853A1 (en) 2000-06-22 2001-06-22 System and method for application of network access policy to ecommerce transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US21325300P 2000-06-22 2000-06-22
US60/213,253 2000-06-22

Publications (2)

Publication Number Publication Date
WO2001099021A1 (en) 2001-12-27
WO2001099021A9 (en) 2003-03-06

Family

ID=22794338

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/020147 WO2001099021A1 (en) 2000-06-22 2001-06-22 System and method for application of network access policy to ecommerce transactions

Country Status (2)

Country Link
AU (1) AU2001278853A1 (en)
WO (1) WO2001099021A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5113499A (en) * 1989-04-28 1992-05-12 Sprint International Communications Corp. Telecommunication access management system for a packet switching network
US5864871A (en) * 1996-06-04 1999-01-26 Multex Systems Information delivery system and method including on-line entitlements
US5903721A (en) * 1997-03-13 1999-05-11 cha|Technologies Services, Inc. Method and system for secure online transaction processing

Also Published As

Publication number Publication date
WO2001099021A9 (en) 2003-03-06
AU2001278853A1 (en) 2002-01-02

Similar Documents

Publication Publication Date Title
US7287270B2 (en) User authentication method in network
US8201217B1 (en) Systems and methods for single sign-in for multiple accounts
EP1031106B1 (en) A retail method over a wide area network
USRE42154E1 (en) Parallel data network billing and collection system
US20020120563A1 (en) System and method for effecting anonymous payments
EP0926611A2 (en) Method for validation of electronic transactions
CN1998019A (en) System and method for securely authorizing and distributing stored-value card data
US6823318B1 (en) Secure purchases over a computer network
JP2942478B2 (en) Network billing method
US20080025490A1 (en) Method and System for Providing Long Distance Service
KR20070121618A (en) Payment agency server
CA2426376C (en) Method and system for facilitating a trusted on-line transaction between businesses and networked consumers
US20030130961A1 (en) System and method for making secure data transmissions
KR100481152B1 (en) On-line gift card system and method of providing the gift card
CA2329769A1 (en) Method and device in a computer network
US20010046283A1 (en) Arrangement for billing or billing authorization using a calling card
US20020136375A1 (en) System and method for utilization of call processing platform for ecommerce transactions
Tang A Set of Protocols for Micropayments in Distributed Systems.
WO2000075749A2 (en) Internet payment system
US20020032874A1 (en) System and method for identity verification
CN101004811A (en) System for processing mobile electric gift card
WO2001099021A1 (en) System and method for application of network access policy to ecommerce transactions
US6904136B1 (en) Secure method of payment
WO2002003290A1 (en) System and method for anonymous recharging of stored value accounts
KR100680266B1 (en) System for issue a cash receipt

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

COP Corrected version of pamphlet

Free format text: PAGES 1-16, DESCRIPTION, REPLACED BY NEW PAGES 1-11; PAGES 17-20, CLAIMS, REPLACED BY NEW PAGES 12-15; PAGES 1/4-4/4, DRAWINGS, REPLACED BY NEW PAGES 1/4-4/4; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP